Beyond Information Security

Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild

It’s April 2020 Patch Tuesday, and during these challenging times of the coronavirus pandemic, this month’s patch management process will not be easy for many organizations where most staff are working remotely.

Microsoft today released the latest batch of software security updates for all supported versions of its Windows operating systems and other products that patch a total of 113 new security vulnerabilities, 17 of which are critical and 96 rated important in severity.

Source: The Hacker News / BleepingComputer / Krebs on Security / Dark Reading / Threatpost / SecurityWeek / Talos Intelligence blog / SANS Internet Storm Center

Link: https://thehackernews.com/2020/04/windows-patch-update.html

Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2020-patch-tuesday-fixes-3-zero-days-15-critical-flaws/

Link: https://krebsonsecurity.com/2020/04/microsoft-patch-tuesday-april-2020-edition/

Link: https://www.darkreading.com/application-security/microsoft-patches-113-bugs-3-under-active-attack/d/d-id/1337563

Link: https://threatpost.com/april-patch-tuesday-microsoft-active-exploit/154794/

Link: https://www.securityweek.com/windows-vulnerabilities-exploited-code-execution-privilege-escalation

Link: https://blog.talosintelligence.com/2020/04/microsoft-patch-tuesday-april-2020.html

Link: https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/


Adobe Fixes ‘Important’ Flaws in ColdFusion, After Effects and Digital Editions

Adobe released security patches for vulnerabilities in its ColdFusion, After Effects and Digital Editions applications. If exploited, the flaws could enable attackers to view sensitive data, gain escalated privileges, and launch denial-of-service attacks. Each of the bugs was rated important severity based on CVSS rankings, marking an extremely low-volume month for Adobe bug fixes. Three of the vulnerabilities disclosed this week were discovered in ColdFusion, Adobe’s commercial rapid web-application development platform. These flaws included an insufficient input validation flaw (CVE-2020-3767) that could enable application-level denial of service (DoS), a DLL search-order hijacking flaw (CVE-2020-3768) that could enable privilege escalation, and an improper access control flaw (CVE-2020-3796) that could lead to disclosure of the system file structure.

Source: Threatpost / SecurityWeek / Help Net Security / Adobe security bulletin

Link: https://threatpost.com/adobe-fixes-important-flaws-in-coldfusion-after-effects-and-digital-editions/154780/

Link: https://www.securityweek.com/adobe-patches-flaws-coldfusion-after-effects-digital-editions

Link: https://www.helpnetsecurity.com/2020/04/14/april-2020-patch-tuesday/

Link: https://helpx.adobe.com/security.html


Intel April Platform Update fixes high severity security issues

Intel addressed nine security vulnerabilities with the April 2020 Platform Update, all of them high or medium severity flaws impacting multiple software products, firmware, and platforms. The security issues patched today were detailed in the six security advisories issued by Intel on its Product Security Center and delivered to customers through the Intel Platform Update (IPU) process. The vulnerabilities disclosed today could allow unauthenticated, authenticated, or privileged users to trigger denial-of-service conditions or escalate privileges via local or adjacent access on unpatched systems.

Source: BleepingComputer

Link: https://www.bleepingcomputer.com/news/security/intel-april-platform-update-fixes-high-severity-security-issues/


VMware releases fix for critical vCenter Server vulnerability

VMware released a security update that fixes a critical vulnerability in the vCenter Server virtual infrastructure management platform that could allow attackers to gain access to sensitive information and potentially take control of affected virtual appliances or Windows systems. vCenter Server provides IT admins with centralized management of virtualized hosts and virtual machines within enterprise environments from a single console.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert saying that an “attacker could exploit this vulnerability to take control of an affected system,” and encouraging users and administrators to update. The privately reported vulnerability is tracked as CVE-2020-3952 and it was rated with a maximum CVSSv3 base score of 10 according to VMware’s security advisory.

Source: BleepingComputer / Threatpost / SecurityWeek / Help Net Security / VMware security advisory / SANS Internet Storm Center

Link: https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-vcenter-server-vulnerability/

Link: https://threatpost.com/critical-vmware-bug-corporate-treasure-hackers/154682/

Link: https://www.securityweek.com/hackers-can-compromise-vmware-vcenter-server-newly-patched-flaw

Link: https://www.helpnetsecurity.com/2020/04/14/cve-2020-3952/

Link: https://www.vmware.com/security/advisories/VMSA-2020-0006.html

Link: https://isc.sans.edu/forums/diary/Critical+Vuln+in+vCenter+vmdir+CVE20203952/26006/


Oracle Tackles a Massive 405 Bugs for Its April Quarterly Patch Update

Oracle admins are staring down the barrel of a massive quarterly Critical Patch Update that includes 405 patches. Business software giant Oracle Corp. revealed 286 of those vulnerabilities are remotely exploitable across nearly two dozen product lines.

Impacted by multiple critical flaws, rated 9.8 CVSS in severity, are 13 key Oracle products including Oracle Financial Services Applications, Oracle MySQL, Oracle Retail Applications and Oracle Support Tools, according to the company’s April Critical Patch Update Pre-Release Announcement, posted Monday. Each of the bugs will be addressed with mitigation advice or patches by Oracle on Tuesday, coinciding with Microsoft’s April Patch Tuesday release of fixes. That will keep system and network admins taxed with a flood of critical vulnerabilities to contend with.

Source: Threatpost

Link: https://threatpost.com/oracle-tackles-405-bugs-for-april-quarterly-patch-update/154737/


Patch-a-Palooza: More Than 560 Flaws Fixed in a Single Day

On April 14, six makers of popular enterprise software — Microsoft, Oracle, SAP, Intel, Adobe, and VMware — issued patches for at least 567 software vulnerabilities. Oracle’s Critical Patch Update for the month, which rolls up fixes into a single massive patch for each product, accounted for more than 70% of the patch load, addressing 405 new security vulnerabilities, according to the company. An analysis of Microsoft’s April security bulletin found that the company closed 113 security vulnerabilities, while SAP, Intel, Adobe, and VMware accounted for another 49 issues.

Overall, the crowding of software fixes has turned the second Tuesday of the month — a day on which Microsoft has traditionally released patches for many years — into a deluge of work for IT groups, says Jake Kouns, CEO and co-founder of Risk Based Security, a vulnerability information and management firm.

“Patch Tuesday is all about making software updates more organized so that companies can assign resources because they know when [the patches] come out,” he says. “With more and more companies piggybacking on that, it becomes a challenge. How many patches can you handle in one day?”

Source: Dark Reading

Link: https://www.darkreading.com/vulnerabilities—threats/vulnerability-management/patch-a-palooza-more-than-560-flaws-fixed-in-a-single-day/d/d-id/1337564


Quarterly Report: Incident Response trends in Spring 2020

Cisco Talos Incident Response (CTIR) engagements continue to be dominated by ransomware and commodity trojans. As alluded to in last quarter’s report, ransomware actors have begun threatening to release sensitive information from victims as a means of further compelling them to pay. Additionally, DDoS and coinminer threats reemerged in spring 2020 after absences in the previous quarter. Looking at information from November 2019 through January 2020, ransomware maintains its status as the most prevalent threat, and CTIR has observed some changes in the top ransomware offender — Ryuk.

Source: Talos Intelligence blog

Link: https://blog.talosintelligence.com/2020/04/IR-quarterly-threat-report-spring-2020.html


Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic

As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminals—with no conscience or empathy—are continuously targeting healthcare organizations, research facilities, and other governmental organizations with ransomware and malicious information stealers.

The new research, published by Palo Alto Networks and shared with The Hacker News, confirmed that “the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis”.

Source: The Hacker News / Threatpost

Link: https://thehackernews.com/2020/04/ransomware-hospitals-coronavirus.html

Link: https://threatpost.com/cyberattacks-healthcare-orgs-coronavirus-frontlines/154768/


Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices

Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected to release an API that public health agencies can integrate into their apps. The next iteration will be a built-in system-level platform that uses Bluetooth Low Energy (BLE) beacons to allow for contact tracing on an opt-in basis. The APIs are expected to be available mid-May for Android and iOS, with the broader contact tracing system set to roll out “in the coming months.”

Source: The Hacker News / Threatpost / Bruce Schneier (Schneier on Security) / SecurityWeek

Link: https://thehackernews.com/2020/04/iphone-android-coronavirus-tracing.html

Link: https://threatpost.com/apple-google-coronavirus-tracking-privacy-fears/154689/

Link: https://www.schneier.com/blog/archives/2020/04/contact_tracing.html

Link: https://www.securityweek.com/apple-and-google-team-virus-contact-tracing-smartphone


Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage distributed denial-of-service (DDoS) attacks, potentially triggered on demand through platforms offering DDoS-for-hire services. The botnet, named “dark_nexus” by Bitdefender researchers, works by employing credential stuffing attacks against a variety of devices, such as routers (from Dasan Zhone, D-Link, and ASUS), video recorders, and thermal cameras, to co-opt them into the botnet. So far, dark_nexus comprises at least 1,372 bots, each acting as a reverse proxy, spread across various locations in China, South Korea, Thailand, Brazil, and Russia.

“While it might share some features with previously known IoT botnets, the way some of its modules have been developed makes it significantly more potent and robust,” the researchers said. “For example, payloads are compiled for 12 different CPU architectures and dynamically delivered based on the victim’s configuration.”

Source: The Hacker News / BleepingComputer / SecurityWeek / Bitdefender whitepaper

Link: https://thehackernews.com/2020/04/darknexus-iot-ddos-botnet.html

Link: https://www.bleepingcomputer.com/news/security/new-iot-botnet-launches-stealthy-ddos-attacks-spreads-malware/

Link: https://www.securityweek.com/potent-darknexus-iot-botnet-emerges

Link: https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf


7 Ways Hackers and Scammers Are Exploiting Coronavirus Panic

In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money.

Unfortunately, to some extent, it’s working, and that’s because the attack surface is changing and expanding rapidly as many organizations and business tasks are going digital without much preparation, exposing themselves to more potential threats.

Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak—fueled by disinformation and fake news—to distribute malware via Google Play apps, malicious links and attachments, and execute ransomware attacks.

Source: The Hacker News / BleepingComputer / SecurityWeek / Trend Micro blog / Help Net Security / ESET blog

Link: https://thehackernews.com/2020/04/cronavirus-hackers.html

Link: https://www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-covid-19-scams-targeting-govt-health-care/

Link: https://www.bleepingcomputer.com/news/security/us-consumers-report-12m-in-covid-19-scam-losses-since-january/

Link: https://www.securityweek.com/covid-19-lures-only-fraction-daily-phishing-emails

Link: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains

Link: https://www.helpnetsecurity.com/2020/04/14/call-traffic-pandemic/

Link: https://www.eset.com/blog/business/from-brexit-to-covid-19-welcome-to-scammer-central/


Large email extortion campaign underway, DON’T PANIC!

A large email extortion campaign is underway telling recipients that their computer was hacked and that a video was taken through the hacked computer’s webcam. The attackers then demand $1,900 in bitcoins or the video will be sent to family and friends.

BleepingComputer has been reporting on these scams since the summer of 2018 when they started to be sent by scammers. While many would disregard these emails, some have been so concerned that a video would leak that they sent payments to the scammers. In the first week that these extortion emails began to be sent out, concerned recipients sent over $50,000 in bitcoin to the attackers.

Source: BleepingComputer

Link: https://www.bleepingcomputer.com/news/security/large-email-extortion-campaign-underway-dont-panic/


RagnarLocker ransomware hits EDP energy giant, asks for €10M

Attackers using the Ragnar Locker ransomware have encrypted the systems of Portuguese multinational energy giant Energias de Portugal (EDP) and are now asking for a 1,580 BTC ransom ($10.9M or €9.9M). EDP Group is one of the largest European operators in the energy sector (gas and electricity) and the world’s 4th largest producer of wind energy.

The company is present in 19 countries and on 4 continents; it has over 11,500 employees and delivers energy to more than 11 million customers.

Source: BleepingComputer

Link: https://www.bleepingcomputer.com/news/security/ragnarlocker-ransomware-hits-edp-energy-giant-asks-for-10m/


Dell Releases Security Tool to Defend PCs from BIOS Attacks

Dell last week released a new security tool to protect PCs against cyberattacks targeting the BIOS. The SafeBIOS Events & Indicators of Attack (IoA) tool detects changes in BIOS configuration. As more employees transition to home offices, cybercriminals are shifting their attack strategies to compromise endpoints and get to critical data, Dell explains in a blog post on the news. The company anticipates attackers will target the BIOS, firmware built deep into the core of PCs that handles critical operations such as booting the machine and establishing a secure configuration.

Source: Dark Reading / The Hacker News / SecurityWeek / Dell blog

Link: https://www.darkreading.com/endpoint/dell-releases-security-tool-to-defend-pcs-from-bios-attacks/d/d-id/1337553

Link: https://thehackernews.com/2020/04/dell-bios-protection.html

Link: https://www.securityweek.com/new-dell-utility-alerts-security-teams-bios-attacks

Link: https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/


LinkedIn OSINT Techniques (II)

Welcome back to this two-part guide on how to extract open source intelligence information from LinkedIn targets. If you haven’t read Part I, which covers some of the smaller bits of information that can be exploited, you can do so here. Part II will continue showcasing points of exploitation associated with more robust accounts, such as a target’s experience, volunteer work, education, etc.

Source: Secjuice

Link: https://www.secjuice.com/linkedin-osint-techniques-part-ii/

Link: https://www.secjuice.com/linkedin-osint-part-1/


Secjuice Squeeze Volume 19

Welcome to the 19th edition of the Secjuice Squeeze, a curated selection of interesting security articles and infosec news that you may have missed, lovingly prepared for you every week (most of the time—we took a few breaks over the past few weeks). We are transitioning to a new format this week. This week’s volume was compiled by Secjuice writers Miguel Calles, Mike Peterson, Bhumish Gajjar, and Sinwindie.

Source: Secjuice

Link: https://www.secjuice.com/secjuice-squeeze-volume-19/


Reconnaissance for Beginners (2)

In my first article on cybersecurity for beginners, I gave an overview of the different phases of an attack; in this article we will focus on reconnaissance and how to go about investigating your target.

Source: Secjuice (Andy74)

Link: https://www.secjuice.com/reconnaissance-for-beginners/

Link: https://www.secjuice.com/penetration-testing-for-beginners-part-1-an-overview/